Research On Cryptographic Reverse Firewalls For Searchable Encryption And Proxy Re-encryption

In the time of cloud computing,cloud storage has become a popular choose for business users.With the usage of cloud computing,users has their own safety requirements,and many encryption protocols are proposed.For example,searchable encryption and proxy re-encryption.When these cryptographic protocols work normally,data security can be guaranteed,but in practice,the machine running the cryptographic protocol itself may also become the target of an attack.If the machine running the cryptographic protocol itself is attacked and the cryptographic algorithm is replaced,the cryptographic protocol will not be able to guarantee its security.The Snowden incident showed that intelligence agencies can replace cryptographic algorithms with administrative power.Therefore,in order to prevent such attacks and improve the security of the cloud computing cryptographic protocol,this thesis uses cryptographic reverse firewalls to ensure that the security and anti-leakage of searchable publickey encryption protocol and proxy re-encryption protocol.Furthermore,this thesis tests the performance of cryptographic reverse firewalls.The main research contents of this thesis are as follows:(1)A searchable publickey encryption with cryptographic reverse firewalls(SPKE-CRF)is proposed.The solution is based on searchable encryption and design a cryptographic reverse firewall solution,which can resist algorithm substitution attacks(ASA).We firstly give the system model and security model of SPKE-CRF,then construct a specific scheme based on the bilinear pair,finally analyze the security and performance of SPKE-CRF,and prove that when the security level is 192,the computational cost of introducing CRF only increases by 2.93%.(2)A proxy re-encryption with cryptographic reverse firewalls(PRE-CRF)is proposed.The solution is based on PRE and design a cryptographic reverse firewall solution,which can resist ASA.We firstly give the system model and security model of PRE-CRF,and construct a specific scheme based on the bilinear pair,finally analyze the security and performance of PRE-CRF,and prove that when the security level is 192,the computational cost of introducing CRF only increases by 4.38%.The above two schemes are both the application of cryptographic reverse firewall in cloud computing environment,which provides the ability to resist ASA for the cryptographic protocol under cloud computing.Considering that ASA occurred on a large scale in the Snowden incident,this solution has certain practical significance for ensuring data security in cloud computing.